Shared secret: EDR killer in the kill chain
A look under the hood at a tool designed to disable protections
Similar Posts
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
Bys sAn advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India’s public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a…
#StopRansomware: Medusa Ransomware
Bys sRelease Date: March 12, 2025 Alert Code: AA25-071A Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect…
North Korean Kimsuky Hackers Suffer Data Breach as Insiders Leak Information Online
Bys sSometimes we like insider leaks, right? Divya reports: A member of North Korea’s notorious Kimsuky espionage group has experienced a significant data breach after insiders leaked hundreds of gigabytes of internal files and tools to the public. The breach, which emerged in early June 2025, exposed the group’s sophisticated backdoors, phishing frameworks, and reconnaissance operations,……
Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware
Bys sThis week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being…
New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station
Bys sA team of academics has devised a novel attack that can be used to downgrade a 5G connection to a lower generation without relying on a rogue base station (gNB). The attack, per the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design (SUTD), relies on a new open-source software…
Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets
Bys sThe Initial Access Broker (IAB) known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized access to organizations and peddle that access to other threat actors. The activity is being tracked by Palo Alto Networks Unit 42 under the moniker TGR-CRI-0045, where “TGR” stands for “temporary…